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Response to Amendment 

This office action Is responsive to Applicant's amendment received on 
12/11/2006. Claims 1-104 have been cancelled. Claims 105-128 have been added. 
Claims 105-128 are pending. 

Response to Arguments 

Applicant's arguments with respect to claims 105-128 have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
^ forth in section 102 of this title, if the differences between the subject matter sought to be patented and 

the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims105-128 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Balasubramaniam et al., (U.S. Patent No. 6,671,812 and Balasubramaniam 
hereinafter), in view of Muttik, (U.S. Patent No. 6.775.780). 

Regarding claim 105. Balasubramaniam discloses a computer-implemented 
method comprising: 

selecting an active program on a computer system as code under investigation, 
wherein at least some of the code associated with the selected active program is 
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running In kernel mode (i.e., searching for and deleting unused, obsolete, unneeded, or 
undesired software, components, or data on the user computer)(col. 14, lines 4-18). and 
executing malicious code detection code (MCDC) on the computer system, wherein the 

» 

MCDC includes a plurality of detection routines (i.e., anti-virus program), wherein said 
executing includes: applying the plurality of detection routines to the code under 
investigation, wherein said applying includes associating weights to the code under 
investigation in response to detections of a valid program or malicious code; and 
determining whether the code under investigation is a valid program or malicious code 
as a function of the weights associated by the detection routines (i.e., performing a 
software and hardware diagnositcs on the user computer and providing a health report 
card for the user computer)(col. 10, lines 20-67 and col. 11, lines 1-10). 

Moreover, Muttik discloses the detection routines are applied to a given code to 
associate weights to the code in response to detection of a valid or malicious piece of 
code (fig. 2, item 212 - col. 5. lines 14-36). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Balasubramaniam with teachings 
of Muttik because it would allow to include associating possitive and negative weights 
for suspicious and non-malicious activity as disclosed by Muttik. This modification would 
have been obvious because one of ordinary skill in the art would have been motivated 
by the suggestion of Muttik to keep a count of the total weight which is compared 
against a threshold value (Muttik, col. 5, lines 14-20). 
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Regarding claims 115, 127, and 128, Balasubramaniam discloses a computer- 
implemented method comprising: 

selecting a program currently running on a computer system as code under 
investigation, wherein said program is running in a manner that permits infection of 
said computer system (i.e., searching for and deleting unused, obsolete, unneeded, or 
undesired software, components, or data on the user computer), and executing 
malicious code detection code (MCDC) on the computer system, wherein the MCDC 
includes a plurality of detection routines (i.e., anti-virus program), wherein said 
executing includes: applying the plurality of detection routines to the code under 
investigation, wherein said applying includes associating weights to the code under 
investigation in response to detections of a valid program or malicious code, and 
determining whether the code under investigation is a valid program or malicious code 
[as a function of the weights associated by the detection routines](i.e., performing a 
software and hardware diagnositcs on the user computer and providing a health report 
card for the user computer)(col. 10, lines 20-67 and col. 11, lines 1-10). 

Moreover, Muttik discloses the detection routines are applied to a given code to 
associate weights to the code in response to detection of a valid or malicious piece of 
code (fig. 2, item 212 - col. 5, lines 14-36). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Balasubramaniam with teachings 
of Muttik because it would allow to include associating possitive and negative weights 
for suspicious and non-malicious activity as disclosed by Muttik. This modification would 
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have been obvious because one oif ordinary skill in the art would have been motivated 
by the suggestion of Muttik to keep a count of the total weight which is compared 
against a threshold value (Muttik, col. 5, lines 14-20). 

Regarding claims 106 and 116, Balasubramaniam discloses the method of claim 
105. wherein the code under investigation has access to other active programs 
executing on the computer system (i.e., a virus or malicious code on the computer 
system damages the computer system because it has access to other active programs 
executing on the computer system)(col. 10, lines 44-62 and col. 14, lines 4-18). 

Regarding claims 107 and 118, Balasubramaniam discloses the method of claim 
105, further comprising: 

selecting one or more additional active programs as code under investigation, 
and executing said MCDC with respect to said code under investigation (col. 10, lines 
44-62). 

Regarding claims 108 and 119, Balasubramaniam discloses the method of claim 
105. wherein the plurality of detection routines includes a plurality of valid program 
detection routines and a plurality of malicious code detection routines, wherein each of 
the plurality of detection routines individually associates weights to the code under 
investigation in response to detections of a valid program or malicious code (i.e.. 
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performing a software and hardware diagnositcs on the user computer and providing a 
health report card for the user computer)(col. 10, lines 20-67 and col. 1 1 , lines 1-10). 

Moreover, Muttik discloses the detection routines are applied to a given code to 
associate weights to the code in response to detection of a valid or malicious piece of 
code (fig. 2. item 212 - col. 5, lines 14-36). 

Regarding claims 109-114 and 120-126, Balasubramaniam discloses the method 
of claim 105, wherein the malicious code includes remote control software, a keystroke 
logger, spyware, a worm, a Trojan horse, and monitoring software (i.e., viruses and 
. unused, obsolete, unneeded, or undesired software, components, or data on the user 
computer)(col. 10, lines 44-64). 

Regarding claim 117, Balasubramaniam discloses the method of claim 115, 
wherein at least some of the code associated with the selected active program is 
running in kernel mode (col. 14, lines 4-18 and col. 10, lines 44-63). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



A.S. 

Patent Examiner 
Group 2131 
March 1 , 2007 
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